<?php
// Friends list page: checks the requested user id, then renders that user's
// friends table inside the site layout.
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";

confirm_user_logged_in();

// Input validation for the "user" query parameter.
// NOTE(review): whether set_error_output() stops the request is not visible
// here; if it returns, the template below still reads $_GET["user"].
if (!isset($_GET["user"])) {
    set_error_output("User not selected. ");
} elseif (!check_existance_by_id("users", "id", $_GET["user"])) {
    set_error_output("User does not exist. ");
}

include "../includes/layouts/header.php";
?>
<div class="row">
  <div class="large-12 columns">
    <div class="panel">
      <h4>Friends</h4>
      <?php
      // $_GET["user"] is passed to the helper as received.
      // NOTE(review): confirm make_friends_table() binds or escapes the id
      // before it reaches SQL or HTML.
      echo '<div id="friends_result_table"> ';
      make_friends_table($_GET["user"]);
      echo '</div>';

      // The delete link is shown only on the viewer's own list. This is a
      // display rule; the delete endpoint has to enforce ownership itself.
      if ($_SESSION["user_id"] == $_GET["user"]) {
          echo '<a id="delete_friends_link"> Delete friends </a> ';
      }
      ?>
      <script src="javascripts/vendor/jquery.js"></script>
      <script src="javascripts/search_functions.js"> </script>
      <script> make_pages("#friends_result_table"); </script>
$query .= " activation = '{$activation}' "; $query .= "LIMIT 1 "; $result = mysqli_query($connection, $query); if ($result && mysqli_affected_rows($connection) > 0) { $user_id = mysqli_fetch_assoc($result)["id"]; $password = password_encrypt($_POST["password"]); $query = "UPDATE users "; $query .= "SET password = '******' "; $query .= "WHERE id = {$user_id} "; $query .= "LIMIT 1 "; $result = mysqli_query($connection, $query); if (!$result || mysqli_affected_rows($connection) <= 0) { set_error_output("Reset password failed."); } } else { set_error_output("Reset password failed."); } } ?> <?php include "../includes/layouts/header.php"; ?> <div class="row"> <div class="large-12 columns"> <div class="panel"> Password has been changed. Please <a href="log_in.php"> Log in </a> </div> </div> </div> <?php
// Login handler fragment: per-username throttle check, credential check, then
// success or failure bookkeeping. The enclosing "if" (closed near the end of
// this fragment) and the code that sets $username, $password and the first
// $safe_username are outside this view.

// Per-username throttle: once more than 3 failures are recorded, ask how much
// of the 10 * 60 window is left and report it to the user.
// NOTE(review): whether set_error_output() halts the request is not visible
// here. If it returns, attempt_user_login() below still runs for a throttled
// username, so the throttle would not actually limit guessing.
if (get_failed_login_attempts_by_username($safe_username) > 3) {
    $time_left = username_throttle_time_left($safe_username, 10 * 60);
    if ($time_left > 0) {
        $wait_time = format_time_since_in_words($time_left);
        set_error_output("You have used too many login attempts. Please wait {$wait_time} and try again. ");
    }
}
$found_user = attempt_user_login($username, $password);
// A falsy result is treated as a failed login.
if ($found_user) {
    // Success: mark the user as logged in.
    // NOTE(review): no session_regenerate_id() call is visible in this
    // fragment; confirm the session id is rotated at login (session fixation).
    $_SESSION["user_id"] = $found_user["id"];
    $_SESSION["username"] = $found_user["username"];
    update_last_login_date($found_user["id"]);
    redirect_to("index.php");
} else {
    // Failure: record the attempt against the escaped username.
    $safe_username = mysql_prep($username);
    add_failed_attempt($safe_username);
    // Site-wide throttle. Per the original author's note it takes effect after
    // more than 10 failures in the last 15 minutes (15 minutes is the default).
    throttle_all_logins();
    // NOTE(review): this check uses ">= 3" while the check at the top uses
    // "> 3"; confirm which threshold is intended.
    if (get_failed_login_attempts_by_username($safe_username) >= 3) {
        set_error_output("You have used too many login attempts. Please wait 10 minutes and try again. ");
    }
    set_error_output("Username or password not found. ", "log_in.php");
}
} else {
    // this is probably a get request
}
// Avatar upload: validation and storage for the "user_image" form field.
// $image_file_type, $uploadOk and $target_file are set before this fragment.
//
// NOTE(review): only size and extension are checked here. How
// $image_file_type and $target_file are derived is not visible; if they come
// from the client-supplied file name, confirm that the content is verified as
// an image server-side (e.g. getimagesize() or finfo) and that the stored name
// is generated by the server. $_FILES["user_image"]["error"] is not inspected
// in this fragment.
// NOTE(review): every branch resets images/avatars/ to 0755; presumably the
// directory was made writable earlier. Confirm it is never left more
// permissive than 0755 on any exit path.

// Size limit: reject files larger than 500000 bytes.
if ($_FILES["user_image"]["size"] > 500000) {
    chmod('images/avatars/', 0755);
    set_error_output("Sorry, your file is too large.");
    $uploadOk = 0;
}

// Extension allow-list. in_array() is left non-strict so it compares the same
// way as a chain of != tests.
if (!in_array($image_file_type, array("jpg", "png", "jpeg", "gif"))) {
    chmod('images/avatars/', 0755);
    set_error_output("Sorry, only JPG, JPEG, PNG & GIF files are allowed.");
    $uploadOk = 0;
}

if ($uploadOk == 0) {
    // One of the checks above (or an earlier one) rejected the file.
    echo "Sorry, your file was not uploaded.";
} elseif (move_uploaded_file($_FILES["user_image"]["tmp_name"], $target_file)) {
    // Stored: point the user's avatar at the new file.
    update_user_avatar($_SESSION["user_id"], $target_file);
    chmod('images/avatars/', 0755);
    // NOTE(review): the client-supplied file name goes into the message;
    // confirm show_message() HTML-escapes it.
    show_message("The file " . basename($_FILES["user_image"]["name"]) . " has been uploaded.");
} else {
    chmod('images/avatars/', 0755);
    set_error_output("Sorry, there was an error uploading your file.");
}
?>
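/**
 * Site-wide login throttle check.
 *
 * Compares the total number of failed logins with a tiered table and, for each
 * tier that is exceeded and still has time left, reports a wait message through
 * set_error_output().
 *
 * NOTE(review): the counter is global, not per user or per client, so failures
 * from any source delay logins for everyone. Confirm this availability
 * trade-off is intended and that per-username throttling runs alongside it.
 *
 * @return void
 */
function check_throttle_all()
{
    // failed-attempt threshold => delay passed to throttle_time_left()
    // (the delay's unit is not visible in this block).
    $throttle = array(10 => 1, 20 => 2, 30 => 15);

    // Read the counter once; it does not depend on the tier being tested.
    $failed_attempts = get_total_failed_login_attempts();

    foreach ($throttle as $attempts => $delay) {
        if ($failed_attempts <= $attempts) {
            continue;
        }

        $time_left = throttle_time_left($delay);
        if ($time_left > 0) {
            $wait_time = format_time_since_in_words($time_left);
            // The stray leading apostrophe in the message was removed.
            set_error_output("Our servers are being overloaded. Please wait {$wait_time} and try again. ");
        }
    }
}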
// Registration handler fragment: duplicate-username check, account insert and
// activation e-mail. The enclosing blocks (closed by the unmatched braces
// below) and the code that sets $username, $password, $email, $transport and
// the first $result are outside this view.

// A non-empty result from the earlier lookup means the username is taken.
// NOTE(review): whether set_error_output() halts the request is not visible;
// if it returns, the INSERT below still runs. A UNIQUE constraint on the
// column is the reliable guard against duplicates and races.
if (mysqli_num_rows($result) != 0) {
    set_error_output("That username has already been registered. Please select another.");
}
}
// Create a unique activation code.
// NOTE(review): md5(uniqid(rand(), true)) is derived from the clock and a
// non-cryptographic generator. An activation token is a secret, so it should
// come from a CSPRNG, e.g. bin2hex(random_bytes(16)).
$activation = md5(uniqid(rand(), true));
// NOTE(review): the values are interpolated into the SQL text. Whether they
// were escaped (and the password hashed) earlier is not visible here; a
// prepared statement with bound parameters removes the dependency on that.
$query = "INSERT INTO users ( ";
$query .= "username, password, email, activation ";
$query .= ") VALUES ( ";
$query .= " '{$username}', '{$password}', '{$email}', '{$activation}' ";
$query .= " ) ";
$result = mysqli_query($connection, $query);
if ($result) {
    // Success
    init_user_avatar($username);
    // Build and send the activation e-mail; the link carries the e-mail
    // address and the activation code.
    $body = " To activate your account, please click on this link:\n\n";
    $body .= WEBSITE_URL . '/activation.php?email=' . urlencode($email) . "&key={$activation}";
    $mailer = Swift_Mailer::newInstance($transport);
    $message = Swift_Message::newInstance('Registration Confirmation')
        ->setFrom(array(EMAIL => 'Hotline to Hell Girl'))
        ->setTo(array($email))
        ->setBody($body);
    // NOTE(review): the send result overwrites $result and is not checked, so
    // the confirmation below is shown even if delivery failed.
    $result = $mailer->send($message);
    // NOTE(review): $email is written into the HTML as-is; escape it with
    // htmlspecialchars() unless it is validated and escaped upstream.
    echo '<div class="panel">Thank you for registering! A confirmation email has been sent to ' . $email . ' Please click on the Activation Link to Activate your account </div>';
} else {
    // Failure
    set_error_output("You could not be registered due to a system error. We apologize for any\n\t\t\t\t\tinconvenience.");
}
}
?>
<?php include "../includes/layouts/footer.php";
<?php
// "Add friend" endpoint: validates the request, adds $_GET["user"] to the
// logged-in user's friends list, then redirects to a profile page.
//
// NOTE(review): the two "******" spans below look like an extraction or
// redaction artifact (presumably a string concatenation was masked); the
// lines are not valid PHP as shown and are kept untouched.
// NOTE(review): this is a state-changing action driven by a GET parameter.
// Confirm it is protected against cross-site request forgery, e.g. by moving
// it to POST with a per-session token.
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";

// Validation chain: must be logged in, a target must be given, the target
// must not be the user themselves, and must not already be a friend.
// No check that the target user id exists is visible in this fragment.
if (!isset($_SESSION["user_id"])) {
    set_error_output("Please log in to add friend. ", "log_in.php");
} else {
    if (!isset($_GET["user"])) {
        set_error_output("Invalid friend. ", "index.php");
    } else {
        if ($_SESSION["user_id"] == $_GET["user"]) {
            set_error_output("Cannot add yourself to your own friends list. ", "index.php");
        } else {
            if (already_friend($_SESSION["user_id"], $_GET["user"])) {
                set_error_output("That user is already on your friends list. ", "user.php?user="******"user"]));
            }
        }
    }
}
// NOTE(review): add_friend() sits after the chain, not inside it, so the
// checks above only protect it if set_error_output() with a redirect target
// ends the request. Confirm that it does; otherwise this runs for
// unauthenticated or invalid requests too.
add_friend($_SESSION["user_id"], $_GET["user"]);
redirect_to("user.php?user="******"user_id"]);
// "Delete favorite" endpoint fragment. The block that encloses the validation
// chain (closed by the unmatched brace after it) starts outside this view.
//
// NOTE(review): this is a state-changing action driven by GET parameters;
// confirm it is protected against cross-site request forgery.

// Validation chain: a user id must be given and must equal the session user
// (ownership check), an episode must be given and exist, the user must exist,
// and the favorite must currently be set.
if (!isset($_GET["user"])) {
    set_error_output("Favorite deletion failed. User not selected.", "index.php");
} else {
    if ($_SESSION["user_id"] != $_GET["user"]) {
        set_error_output("Favorite deletion failed. ", "index.php");
    } else {
        if (!isset($_GET["episode"])) {
            set_error_output("Favorite deletion failed. Episode not selected. ", "search.php?epname=");
        } else {
            if (!check_existance_by_id("episodes", "EpID", $_GET["episode"])) {
                set_error_output("Episode does not exist.", "search.php?epname=");
            } else {
                if (!check_existance_by_id("users", "id", $_GET["user"])) {
                    set_error_output("User does not exist. ", "index.php");
                } else {
                    if (!already_favorite($_GET["user"], $_GET["episode"])) {
                        set_error_output("You never favorited that", "video.php?e=" . urlencode($_GET["episode"]));
                    }
                }
            }
        }
    }
}
}
// NOTE(review): delete_favorite() runs after the chain rather than inside it,
// so the ownership check above only protects it if set_error_output() with a
// redirect target ends the request. Confirm that it does.
if (!delete_favorite($_GET["user"], $_GET["episode"])) {
    set_error_output("Favorite deletion failed. Database error.", "video.php?e=" . urlencode($_GET["episode"]));
}
?>
Favorite:<i class="fi-like" id="video_info_panel_favorite_icon"></i>
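<?php
// Profile page: loads the user named by $_GET["user"] and renders the profile
// header. The template continues past the end of this fragment.
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";

// NOTE(review): whether set_error_output() halts the request is not visible
// here; if it returns, the template below reads $user while it is unset or
// falsy.
if (!isset($_GET["user"])) {
    set_error_output("No user selected");
} else {
    $user = find_user_by_id($_GET["user"]);
    if (!$user) {
        set_error_output("User not found. ");
    } else {
        // True when the viewer is looking at their own profile. No login check
        // is visible on this page, so the session key is tested with isset()
        // before it is read.
        $users_profile = isset($_SESSION["user_id"]) && $user["id"] == $_SESSION["user_id"];
    }
}
include "../includes/layouts/header.php";
?>
<div class="row">
  <div class="large-4 columns">
    <div class="panel">
      <?php
      // The username and avatar path come from the database and no escaping
      // is visible between the lookup and the output, so both are
      // HTML-escaped here. The (string) cast keeps an unset value printing
      // as empty.
      ?>
      <h2><?php echo htmlspecialchars((string) $user["username"], ENT_QUOTES, 'UTF-8'); ?> </h2>
      <img src="<?php echo htmlspecialchars((string) get_user_avatar($user["id"])["file_path"], ENT_QUOTES, 'UTF-8');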
set_error_output("Favorite failed. User not selected.", "video.php?e=" . urlencode($_GET["episode"])); } else { if ($_SESSION["user_id"] != $_GET["user"]) { set_error_output("Favorite failed. ", "video.php?e=" . urlencode($_GET["episode"])); } else { if (!isset($_GET["episode"])) { set_error_output("Favorite failed. Episode not selected. ", "search.php?epname=+"); } else { if (!check_existance_by_id("episodes", "EpID", $_GET["episode"])) { set_error_output("Episode does not exist.", "search.php?epname=+"); } else { if (!check_existance_by_id("users", "id", $_GET["user"])) { set_error_output("User does not exist. ", "video.php?e=" . urlencode($_GET["episode"])); } else { if (already_favorite($_GET["user"], $_GET["episode"])) { set_error_output("You have already favorited that", "video.php?e=" . urlencode($_GET["episode"])); } } } } } } } add_favorite($_GET["user"], $_GET["episode"]); // now that we know it was added, we can now output the html to replace the other. ?> <!--span data-user-id="<?php /* if (isset($_SESSION["user_id"])) { echo $_SESSION["user_id"]; } else {
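<?php
// Episode page: loads the episode named by $_GET["e"] and embeds its video.
// The template continues past the end of this fragment.
require_once "../includes/session.php";
require_once "../includes/db_connection.php";
require_once "../includes/functions.php";
// NOTE(review): the layout header is emitted before validation. If
// set_error_output() redirects with an HTTP header, output has already
// started at that point; confirm the order is intended.
include "../includes/layouts/header.php";

// NOTE(review): whether set_error_output() halts the request is not visible
// here; if it returns, the template below reads $episode while it is unset or
// null.
if (!isset($_GET["e"])) {
    set_error_output("No episode selected. ");
} else {
    $episode = get_episode_by_id($_GET["e"]);
    if ($episode == null) {
        set_error_output("Episode not found. ");
    }
}
?>
<div class="row">
  <div class="large-9 medium-9 columns">
    <div class="panel">
      <?php
      // Episode fields come from the database and are HTML-escaped on output.
      // The (string) cast keeps an unset value printing as empty.
      ?>
      <h3><?php echo htmlspecialchars((string) $episode["EpName"], ENT_QUOTES, 'UTF-8'); ?> </h3>
      <!-- going to have to replace these query strings in my php -->
      <!--iframe src="http://videowing.me/embed/85ef0549e876ca9759874370ffc7f133?w=718&h=438" scrolling="no" width="718" height="438" marginheight="0" marginwidth="0" frameborder="0"></iframe-->
      <?php
      // Escaping stops the value from breaking out of the src attribute. It
      // does not restrict the URL scheme or host.
      // NOTE(review): confirm VidLink is limited to expected http(s) embed
      // hosts where it is stored.
      ?>
      <iframe src="<?php echo htmlspecialchars((string) $episode["VidLink"], ENT_QUOTES, 'UTF-8'); ?> " scrolling="no" width="680" height="438" marginheight="0" marginwidth="0" frameborder="0"></iframe>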